Re: Racoon: pfkey UPDATE failed: No such file or directory -- Please help
- From: swun2010@xxxxxxxxx
- Date: Thu, 30 Aug 2007 07:36:45 -0000
Hi,
I have changed to another setup for the testing.
The reference link I followed is:
http://www.freebsddiary.org/ipsec-tunnel.php
I admit this webpage is quite old, but it seems to be one of the few easy
guidelines I can follow.
The error I got this time (captured in Belmore and caused by pinging
from CORE to Belmore) is:
In CORE (FreeBSD 6.2), I executed a ping command:
# ping 10.1.3.1
then I found the following error:
belmore# racoon -F -v -f /usr/local/etc/racoon/racoon.conf
Foreground mode.
2007-08-30 17:20:57: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
2007-08-30 17:20:57: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2007-08-30 17:20:57: WARNING: /usr/local/etc/racoon/racoon.conf:47: "support_mip6" it is obsoleted. use "support_proxy".
2007-08-30 17:20:57: DEBUG2: lifetime = 60
2007-08-30 17:20:57: DEBUG2: lifebyte = 0
2007-08-30 17:20:57: DEBUG2: encklen=0
2007-08-30 17:20:57: DEBUG2: p:1 t:1
2007-08-30 17:20:57: DEBUG2: 3DES-CBC(5)
2007-08-30 17:20:57: DEBUG2: MD5(1)
2007-08-30 17:20:57: DEBUG2: 1024-bit MODP group(2)
2007-08-30 17:20:57: DEBUG2: pre-shared key(1)
2007-08-30 17:20:57: DEBUG2:
2007-08-30 17:20:57: DEBUG: hmac(modp1024)
2007-08-30 17:20:57: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-08-30 17:20:57: DEBUG2: parse successed.
2007-08-30 17:20:57: DEBUG: open /var/db/racoon/racoon.sock as racoon management.
2007-08-30 17:20:57: DEBUG: my interface: 10.1.10.2 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: 192.168.1.2 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: 10.1.10.99 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: 10.1.1.99 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: 10.1.3.1 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: fe80::1%lo0 (lo0)
2007-08-30 17:20:57: DEBUG: my interface: ::1 (lo0)
2007-08-30 17:20:57: DEBUG: my interface: 127.0.0.1 (lo0)
2007-08-30 17:20:57: DEBUG: my interface: 121.44.74.93 (tun0)
2007-08-30 17:20:57: DEBUG: my interface: 10.1.3.1 (gif0)
2007-08-30 17:20:57: DEBUG: configuring default isakmp port.
2007-08-30 17:20:57: DEBUG: 10 addrs are configured successfully
2007-08-30 17:20:57: INFO: 10.1.3.1[500] used as isakmp port (fd=6)
2007-08-30 17:20:57: INFO: 121.44.74.93[500] used as isakmp port (fd=7)
2007-08-30 17:20:57: INFO: 127.0.0.1[500] used as isakmp port (fd=8)
2007-08-30 17:20:57: INFO: ::1[500] used as isakmp port (fd=9)
2007-08-30 17:20:57: INFO: fe80::1%lo0[500] used as isakmp port (fd=10)
2007-08-30 17:20:57: ERROR: failed to bind to address 10.1.3.1[500] (Address already in use).
2007-08-30 17:20:57: INFO: 10.1.1.99[500] used as isakmp port (fd=11)
2007-08-30 17:20:57: INFO: 10.1.10.99[500] used as isakmp port (fd=12)
2007-08-30 17:20:57: INFO: 192.168.1.2[500] used as isakmp port (fd=13)
2007-08-30 17:20:57: INFO: 10.1.10.2[500] used as isakmp port (fd=14)
2007-08-30 17:20:57: DEBUG: get pfkey X_SPDDUMP message
2007-08-30 17:20:57: DEBUG2:
2007-08-30 17:20:57: DEBUG: get pfkey X_SPDDUMP message
2007-08-30 17:20:57: DEBUG2:
2007-08-30 17:20:57: DEBUG: sub:0xbfbfe5a0: 10.1.3.0/24[0] 10.1.2.0/24[0] proto=any dir=out
2007-08-30 17:20:57: DEBUG: db :0x80bca08: 10.1.2.0/24[0] 10.1.3.0/24[0] proto=any dir=in
2007-08-30 17:21:12: DEBUG: ===
2007-08-30 17:21:12: DEBUG: 244 bytes message received from 10.1.2.1[500] to 10.1.3.1[500]
2007-08-30 17:21:12: DEBUG:
2007-08-30 17:21:12: DEBUG: anonymous configuration selected for 10.1.2.1[500].
2007-08-30 17:21:12: DEBUG: ===
2007-08-30 17:21:12: INFO: respond new phase 1 negotiation: 10.1.3.1[500]<=>10.1.2.1[500]
2007-08-30 17:21:12: INFO: begin Aggressive mode.
2007-08-30 17:21:12: DEBUG: begin.
2007-08-30 17:21:12: DEBUG: seen nptype=1(sa)
2007-08-30 17:21:12: DEBUG: seen nptype=4(ke)
2007-08-30 17:21:12: DEBUG: seen nptype=10(nonce)
2007-08-30 17:21:12: DEBUG: seen nptype=5(id)
2007-08-30 17:21:12: DEBUG: succeed.
2007-08-30 17:21:12: DEBUG: received payload of type ke
2007-08-30 17:21:12: DEBUG: received payload of type nonce
2007-08-30 17:21:12: DEBUG: received payload of type id
2007-08-30 17:21:12: DEBUG: total SA len=48
2007-08-30 17:21:12: DEBUG:
00000001 00000001 00000028 01010001 00000020 01010000 800b0001
800c003c
80010005 80030001 80020001 80040002
2007-08-30 17:21:12: DEBUG: begin.
2007-08-30 17:21:12: DEBUG: seen nptype=2(prop)
2007-08-30 17:21:12: DEBUG: succeed.
2007-08-30 17:21:12: DEBUG: proposal #1 len=40
2007-08-30 17:21:12: DEBUG: begin.
2007-08-30 17:21:12: DEBUG: seen nptype=3(trns)
2007-08-30 17:21:12: DEBUG: succeed.
2007-08-30 17:21:12: DEBUG: transform #1 len=32
2007-08-30 17:21:12: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-30 17:21:12: DEBUG: type=Life Duration, flag=0x8000, lorv=60
2007-08-30 17:21:12: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-08-30 17:21:12: DEBUG: encryption(3des)
2007-08-30 17:21:12: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-08-30 17:21:12: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-30 17:21:12: DEBUG: hash(md5)
2007-08-30 17:21:12: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-08-30 17:21:12: DEBUG: hmac(modp1024)
2007-08-30 17:21:12: DEBUG: pair 1:
2007-08-30 17:21:12: DEBUG: 0x80c6370: next=0x0 tnext=0x0
2007-08-30 17:21:12: DEBUG: proposal #1: 1 transform
2007-08-30 17:21:12: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-08-30 17:21:12: DEBUG: trns#=1, trns-id=IKE
2007-08-30 17:21:12: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-30 17:21:12: DEBUG: type=Life Duration, flag=0x8000, lorv=60
2007-08-30 17:21:12: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-08-30 17:21:12: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-08-30 17:21:12: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-30 17:21:12: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-08-30 17:21:12: DEBUG: Compared: DB:Peer
2007-08-30 17:21:12: DEBUG: (lifetime = 60:60)
2007-08-30 17:21:12: DEBUG: (lifebyte = 0:0)
2007-08-30 17:21:12: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-08-30 17:21:12: DEBUG: (encklen = 0:0)
2007-08-30 17:21:12: DEBUG: hashtype = MD5:MD5
2007-08-30 17:21:12: DEBUG: authmethod = pre-shared key:pre-shared key
2007-08-30 17:21:12: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-08-30 17:21:12: DEBUG: an acceptable proposal found.
2007-08-30 17:21:12: DEBUG: hmac(modp1024)
2007-08-30 17:21:12: DEBUG: new cookie:
e129f451c7f6dbf4
2007-08-30 17:21:12: DEBUG: use ID type of IPv4_address
2007-08-30 17:21:12: DEBUG: compute DH's private.
2007-08-30 17:21:12: DEBUG:
2007-08-30 17:21:12: DEBUG: compute DH's public.
2007-08-30 17:21:12: DEBUG:
2007-08-30 17:21:12: DEBUG: compute DH's shared.
2007-08-30 17:21:12: DEBUG:
2007-08-30 17:21:12: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2007-08-30 17:21:12: ERROR: couldn't find the pskey for 10.1.2.1.
2007-08-30 17:21:12: ERROR: failed to process packet.
^C2007-08-30 17:21:15: INFO: caught signal 2
2007-08-30 17:21:15: DEBUG: get pfkey FLUSH message
2007-08-30 17:21:15: DEBUG2:
02090000 02000000 00000000 59680000
2007-08-30 17:21:16: DEBUG: call pfkey_send_dump
2007-08-30 17:21:16: INFO: racoon shutdown
belmore#
Network ifconfig in CORE (freebsd 6.2):
core:racoon # ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 13x.xx.xx.xx netmask 0xfffffff8 broadcast xx.xx.xx.xx
        ether 00:02:a5:8c:81:af
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.1.10.1 netmask 0xffffff00 broadcast 10.1.10.255
        inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
        ether 00:02:a5:8c:82:01
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
enc0: flags=0<> mtu 1536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet 10.1.1.1 netmask 0xffffff00
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 13x.xx.xx.xx --> 11x.xx.xx.xx
        inet 10.1.2.1 --> 10.1.3.1 netmask 0xffffff00
In Belmore (freebsd 6.2):
belmore# ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:50:c2:1b:d9:8e
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.1.10.2 netmask 0xffffff00 broadcast 10.1.10.255
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
        inet 10.1.10.99 netmask 0xffffff00 broadcast 10.1.10.255
        inet 10.1.1.99 netmask 0xffffff00 broadcast 10.1.1.255
        inet 10.1.3.1 netmask 0xffffff00 broadcast 10.1.3.255
        ether 00:50:c2:1b:d9:8d
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:50:c2:1b:d9:8c
        media: Ethernet autoselect (10baseT/UTP)
        status: no carrier
rl3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        ether 00:50:c2:1b:d9:8b
        media: Ethernet autoselect (10baseT/UTP)
        status: no carrier
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 11x.xx.xx.xx --> 18x.xx.xx.xx netmask 0xffffffff
        Opened by PID 881
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 11x.xx.xx.xx --> 13x.xx.xx.xx
        inet 10.1.3.1 --> 10.1.2.1 netmask 0xffffff00
belmore#
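
Added example, not part of the original post: a small triage pass over racoon foreground output like the log above. It pulls out the ERROR lines, the peer whose pre-shared key lookup failed, and any address that racoon lists on more than one interface (here 10.1.3.1 on both rl1 and gif0, the same address the bind failure names). The names `triage` and `SAMPLE_LOG` are illustrative; the sample lines are constructed from the post with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the racoon output in the post,
# re-joined where the mail client wrapped them.
SAMPLE_LOG = """\
2007-08-30 17:20:57: DEBUG: my interface: 10.1.10.2 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: 10.1.3.1 (rl1)
2007-08-30 17:20:57: DEBUG: my interface: 121.44.74.93 (tun0)
2007-08-30 17:20:57: DEBUG: my interface: 10.1.3.1 (gif0)
2007-08-30 17:20:57: ERROR: failed to bind to address 10.1.3.1[500] (Address already in use).
2007-08-30 17:21:12: INFO: begin Aggressive mode.
2007-08-30 17:21:12: ERROR: couldn't find the pskey for 10.1.2.1.
2007-08-30 17:21:12: ERROR: failed to process packet.
"""

# timestamp, level, message; hex dumps and wrapped continuations do not match
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): ([A-Z0-9]+): (.*)$")


def triage(log_text):
    """Summarise a racoon log: errors, bind failures, PSK misses, duplicate addresses."""
    ifaces = defaultdict(list)  # address -> interfaces racoon reported it on
    report = {"errors": [], "bind_failures": [], "psk_missing": [], "mode": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, level, msg = m.groups()
        if (i := re.match(r"my interface: (\S+) \((\w+)\)", msg)):
            ifaces[i.group(1)].append(i.group(2))
        elif (b := re.match(r"failed to bind to address (\S+)\[\d+\]", msg)):
            report["bind_failures"].append(b.group(1))
        elif (p := re.match(r"couldn't find the pskey for (\S+?)\.?$", msg)):
            report["psk_missing"].append(p.group(1))
        elif (g := re.match(r"begin (\w+) mode", msg)):
            report["mode"] = g.group(1)
        if level == "ERROR":
            report["errors"].append(msg)
    # An address configured on two interfaces is a candidate cause of a bind failure.
    report["duplicate_addrs"] = {a: n for a, n in ifaces.items() if len(n) > 1}
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```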